Quick Question About Session Variables & Posting Through PHP Form


jdlev

Here's the deal. My user auth. carries a session variable that is a user's account number. Whenever they submit a form, I want their account number to submit with the rest of the information on the form.

 

I assume I should use a hidden field? Can someone post an example of the coding I would use to make the hidden field equal to the session variable?

 

One other question on session variables. Can a user see them like in their cookies or somewhere? I'd like to keep the session variable private to improve security if I could.

 

TIA! :)


Well, figured out the answer to my own question, but I'm still curious about the ability to view session variables?

 

For anyone else wondering...you can pull in a session variable to a hidden field like so:

<input type="hidden" name="loginName" id="loginName" value="<?php echo htmlspecialchars($_SESSION['MM_loginName'], ENT_QUOTES, 'UTF-8'); ?>" />


Why would you post a session to a hidden field? The session will exist throughout the pages so you should just be able to use it on the other page.

 

Also, input values can be changed using firebug, so if you would use this method, a user would be able to change the variable in that hidden input and be anyone he wants to be.


Crap! When the user submits information in the form, it goes to a universal database of all accounts. So I send the account number session variable in with the form data to be sorted later. Any suggestions on making it more secure? I could make it so the username associated with an account HAS to match the acct number in order to run the query to update/edit/delete records I guess? Then, even if they could change their acct number in firebug, they couldn't change their username because they wouldn't know the password to log in with?

 

Thanks for your help daveyk :)


Ok...let's head in a different direction. I'm able to view all records associated with a username, and only that username.

 

Here's what I want to do now. I want to give the user two options. I want to allow them to select one of the records and update or delete it.

 

How would I do that? Do I need to create a unique ID for each funeral event? I assume that's the case. Then maybe just bind the checkbox that is created dynamically to the event ID? Person clicks submit, and the browser sends them to the next page where they can update their fields?
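
Added example, not part of any post in this thread: one way to handle both the hidden-field concern and the update/delete question is to read the account number from `$_SESSION` on the receiving page and let the form carry only a per-record event ID, with every query scoped to the session's account. The `events` table, its columns, the `acct` session key and the in-memory SQLite database (requires `pdo_sqlite`) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database.
// Table/column names and the 'acct' session key are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, acct INTEGER NOT NULL, title TEXT NOT NULL)');
$db->exec("INSERT INTO events (acct, title) VALUES (1001, 'Service A'), (1001, 'Service B'), (2002, 'Service C')");

/**
 * Update one event's title. The account number comes ONLY from the
 * server-side session; an account number posted by the form is ignored.
 * Returns the number of rows changed (0 = not found or not owned).
 */
function updateEvent(PDO $db, array $session, array $post): int
{
    if (!isset($session['acct'])) {
        throw new RuntimeException('not logged in');
    }
    // The event id is client input: validate it, then scope the query by owner.
    $id = filter_var($post['event_id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 0;
    }
    $stmt = $db->prepare(
        'UPDATE events SET title = :title WHERE id = :id AND acct = :acct'
    );
    $stmt->execute([
        ':title' => (string)($post['title'] ?? ''),
        ':id'    => $id,
        ':acct'  => (int)$session['acct'],
    ]);
    return $stmt->rowCount();
}

$session = ['acct' => 1001];   // stands in for $_SESSION after login

// Request for one of the logged-in account's own records.
echo updateEvent($db, $session, ['event_id' => '1', 'title' => 'Renamed']), "\n";

// Tampered request: an edited hidden "acct" field plus another account's event id.
echo updateEvent($db, $session, ['event_id' => '3', 'acct' => '2002', 'title' => 'Hijack']), "\n";
```

The same `AND acct = :acct` clause applies to a `DELETE`; because the owner check lives in the query itself, changing the posted ID or any hidden field in the browser cannot reach another account's rows.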
